Plus the last few crops of items that Oracle addressed containing items not
fixed for almost 2 years, plus the fact that their security patches often
fail to apply properly, plus the fact that their security patches now appear
to sometimes not address the problem properly if at all, plus the fact that
Oracle touts security, ran a nice big unbreakable campaign, etc, etc.

There's a ton of anecdotal evidence. There's a ton of security advisories
with notification to release times measured in years (this actually seems to
be quite normal). What more do you need? I look at open source vendors and
projects, they have become amazingly responsive (major Linux kernel issues
addressed in <1 month as a rule, often in days or a week), and even the
closed sourced vendors that formerly were problematic have gotten better in
general (Microsoft is a good example of improvement, pity they have to
maintain scuh complete backwards compatibility though or I suspect we'd see
much more improvement).

In the last 7 or so years I haven't seen much in the way of improvement from
Oracle, security-wise.

Re: Oracle security advisory 67 is released... >> applies to all versions of oracle applications and ... >> Oracle security alerts page and also links to the finders ... >> advisory and Oracles advisory. ... are you just trying to spam the group for your business?...(alt.computer.security)